Developer tips

How to Obtain Signer’s Details From JavaScript Signed Data

In a previous post I described how to sign data with only javascript. Now, this data should be used on the server side for something. Here is how a Java developer can extract the signature details, and verify whether the content received from a form is really what has been signed. The general scenario is – a user submits a form, the data from which he signs. Then on the server the submitted data should be verified against the signed (PKCS7) data.

And of course, you provide your own implementation of getSubjectInfos method, putting whatever data you need from the certificate in the Map.

4 thoughts on “How to Obtain Signer’s Details From JavaScript Signed Data”

Браво 😉
Great code, thanks a lot. Works great. I implemented it in Domino XPages web application. I have two questions:

1. Is there a way to sign an uploaded file instead of just text?

2. I searched all over the net to try to find out how to programmatically verify the info I extracted from the certificate with the data from the Provider of the Signature. Is this actually needed to verify the authenticity of the signature? What do I have to check – maybe the Public Keys to be the same. Do you have any ideas?